package cn.dsp.admin.config;

import cn.dsp.admin.realm.AutuRealm;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;

import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.apache.shiro.mgt.SecurityManager;

import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;

import org.springframework.context.annotation.Configuration;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.DependsOn;

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.util.DigestUtils;


import javax.annotation.PostConstruct;
import java.util.LinkedHashMap;


@Configuration
public class ShiroConfiguration {

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 设置realm.
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    /**
     * 身份认证realm; (这个需要自己写，账号密码校验；权限等)
     * @return
     */
    @Bean
    public AutuRealm myShiroRealm() {
        AutuRealm myShiroRealm = new AutuRealm();
        myShiroRealm.setCredentialsMatcher(new CustomCredentialsMatcher());
        return myShiroRealm;
    }


    /***    配置ShiroFilterFactory工厂
     *      * 定义shiroFilter过滤器并注入securityManager
     *      * @param manager
     *      * @return
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager manager) {
        //shiro 包
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //设置securityManager  当此用户是一个非认证用户,需要先登陆进行认证
        bean.setSecurityManager(manager);
        //设置登录页面
        //可以写路由也可以写jsp页面的访问路径
        bean.setLoginUrl("/web/login.html");

        //设置登录成功跳转的页面
        bean.setSuccessUrl("/web/index.html");

        //设置未授权跳转的页面
        bean.setUnauthorizedUrl("/unauthorized");

        //定义过滤器 //下边表示允许匿名访问的文件夹 ， 前面为固定的文件夹的路径（根据自己的醒目而定例如图片等等）
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        //配置不登录可以访问的资源，anon 表示资源都可以匿名访问

        filterChainDefinitionMap.put("/shiro/toLogin", "anon");
        filterChainDefinitionMap.put("/web/login.html", "anon");
        filterChainDefinitionMap.put("/shiro/login", "anon");
        filterChainDefinitionMap.put("/css/**", "anon");
        filterChainDefinitionMap.put("/js/**", "anon");
        filterChainDefinitionMap.put("/images/**", "anon");
        filterChainDefinitionMap.put("/bootstrap3/**", "anon");

        //logout是shiro提供的过滤器
        filterChainDefinitionMap.put("/logout", "logout");
        //授权过滤器
        filterChainDefinitionMap.put("/shiro/admin", "roles[admin]");

        //此时访问/userInfo/del需要del权限,在自定义Realm中为用户授权。
        filterChainDefinitionMap.put("/shiro/delete", "perms[del]");

        //其他资源都需要认证  authc 表示需要认证才能进行访问
        filterChainDefinitionMap.put("/**", "authc");
        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return bean;

    }




}


